Add information about Vault 1.2 for token_* fields (#565)

vault/data_source_kubernetes_auth_backend_role.go

@@ -49,31 +49,31 @@ func kubernetesAuthBackendRoleDataSource() *schema.Resource {
 				Type: schema.TypeString,
 			},
 			Description: "Policies to be set on tokens issued using this role.",
-			Deprecated:  "use `token_policies` instead",
+			Deprecated:  "use `token_policies` instead if you are running Vault >= 1.2",
 		},
 		"ttl": {
 			Type:        schema.TypeInt,
 			Optional:    true,
 			Description: "Default number of seconds to set as the TTL for issued tokens and at renewal time.",
-			Deprecated:  "use `token_ttl` instead",
+			Deprecated:  "use `token_ttl` instead if you are running Vault >= 1.2",
 		},
 		"max_ttl": {
 			Type:        schema.TypeInt,
 			Optional:    true,
 			Description: "Number of seconds after which issued tokens can no longer be renewed.",
-			Deprecated:  "use `token_max_ttl` instead",
+			Deprecated:  "use `token_max_ttl` instead if you are running Vault >= 1.2",
 		},
 		"period": {
 			Type:        schema.TypeInt,
 			Optional:    true,
 			Description: "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.",
-			Deprecated:  "use `token_period` instead",
+			Deprecated:  "use `token_period` instead if you are running Vault >= 1.2",
 		},
 		"num_uses": {
 			Type:        schema.TypeInt,
 			Optional:    true,
 			Description: "Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses.",
-			Deprecated:  "use `token_num_uses` instead",
+			Deprecated:  "use `token_num_uses` instead if you are running Vault >= 1.2",
 		},
 		"bound_cidrs": {
 			Type:        schema.TypeSet,
@@ -82,7 +82,7 @@ func kubernetesAuthBackendRoleDataSource() *schema.Resource {
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
 			},
-			Deprecated: "use `token_bound_cidrs` instead",
+			Deprecated: "use `token_bound_cidrs` instead if you are running Vault >= 1.2",
 		},
 	}
 

vault/resource_approle_auth_backend_role.go

@@ -85,14 +85,14 @@ func approleAuthBackendRoleResource() *schema.Resource {
 				Type: schema.TypeString,
 			},
 			Description:   "Policies to be set on tokens issued using this AppRole.",
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 		"period": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.",
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_period"},
 		},
 	}

vault/resource_aws_auth_backend_role.go

@@ -210,21 +210,21 @@ func awsAuthBackendRoleResource() *schema.Resource {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "The TTL period of tokens issued using this role, provided as the number of seconds.",
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_ttl"},
 		},
 		"max_ttl": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "The maximum allowed lifetime of tokens issued using this role, provided as the number of seconds.",
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"period": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. The maximum allowed lifetime of token issued using this role. Specified as a number of seconds.",
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_period"},
 		},
 		"policies": {
@@ -234,7 +234,7 @@ func awsAuthBackendRoleResource() *schema.Resource {
 				Type: schema.TypeString,
 			},
 			Description:   "Policies to be set on tokens issued using this role.",
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 	}

vault/resource_azure_auth_backend_role.go

@@ -88,21 +88,21 @@ func azureAuthBackendRoleResource() *schema.Resource {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "The TTL period of tokens issued using this role, provided as the number of seconds.",
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_ttl"},
 		},
 		"max_ttl": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "The maximum allowed lifetime of tokens issued using this role, provided as the number of seconds.",
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"period": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's TTL will be set to the value of this field. The maximum allowed lifetime of token issued using this role. Specified as a number of seconds.",
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_period"},
 		},
 		"policies": {
@@ -112,7 +112,7 @@ func azureAuthBackendRoleResource() *schema.Resource {
 				Type: schema.TypeString,
 			},
 			Description:   "Policies to be set on tokens issued using this role.",
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 	}

vault/resource_cert_auth_backend_role.go

@@ -101,28 +101,28 @@ func certAuthBackendRoleResource() *schema.Resource {
 			},
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_bound_cidrs` instead",
+			Deprecated:    "use `token_bound_cidrs` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_bound_cidrs"},
 		},
 		"ttl": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_ttl"},
 		},
 		"max_ttl": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"period": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_period"},
 		},
 		"policies": {
@@ -132,7 +132,7 @@ func certAuthBackendRoleResource() *schema.Resource {
 			},
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 	}

vault/resource_gcp_auth_backend_role.go

@@ -107,20 +107,20 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 			Optional:      true,
 			Computed:      true,
 			ConflictsWith: []string{"token_ttl"},
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 		},
 		"max_ttl": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"period": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_period"},
 		},
 		"policies": {
@@ -130,7 +130,7 @@ func gcpAuthBackendRoleResource() *schema.Resource {
 			},
 			Optional:      true,
 			Computed:      true,
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 	}

vault/resource_github_auth_backend.go

@@ -42,15 +42,15 @@ func githubAuthBackendResource() *schema.Resource {
 			Optional:      true,
 			Description:   "Duration after which authentication will be expired, in seconds.",
 			ValidateFunc:  validateDuration,
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_ttl"},
 		},
 		"max_ttl": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Description:   "Maximum duration after which authentication will be expired, in seconds.",
 			ValidateFunc:  validateDuration,
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"accessor": {

vault/resource_jwt_auth_backend_role.go

@@ -130,35 +130,35 @@ func jwtAuthBackendRoleResource() *schema.Resource {
 				Type: schema.TypeString,
 			},
 			Description:   "Policies to be set on tokens issued using this role.",
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 		"ttl": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Default number of seconds to set as the TTL for issued tokens and at renewal time.",
 			ConflictsWith: []string{"period", "token_ttl", "token_period"},
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 		},
 		"max_ttl": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of seconds after which issued tokens can no longer be renewed.",
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"period": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.",
 			ConflictsWith: []string{"ttl", "token_period", "token_ttl"},
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 		},
 		"num_uses": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses.",
-			Deprecated:    "use `token_num_uses` instead",
+			Deprecated:    "use `token_num_uses` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_num_uses"},
 		},
 		"bound_cidrs": {
@@ -168,7 +168,7 @@ func jwtAuthBackendRoleResource() *schema.Resource {
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
 			},
-			Deprecated:    "use `token_bound_cidrs` instead",
+			Deprecated:    "use `token_bound_cidrs` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_bound_cidrs"},
 		},
 	}

vault/resource_kubernetes_auth_backend_role.go

@@ -56,35 +56,35 @@ func kubernetesAuthBackendRoleResource() *schema.Resource {
 				Type: schema.TypeString,
 			},
 			Description:   "Policies to be set on tokens issued using this role.",
-			Deprecated:    "use `token_policies` instead",
+			Deprecated:    "use `token_policies` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_policies"},
 		},
 		"ttl": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Default number of seconds to set as the TTL for issued tokens and at renewal time.",
 			ConflictsWith: []string{"token_ttl"},
-			Deprecated:    "use `token_ttl` instead",
+			Deprecated:    "use `token_ttl` instead if you are running Vault >= 1.2",
 		},
 		"max_ttl": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of seconds after which issued tokens can no longer be renewed.",
-			Deprecated:    "use `token_max_ttl` instead",
+			Deprecated:    "use `token_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_max_ttl"},
 		},
 		"period": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.",
 			ConflictsWith: []string{"token_period"},
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 		},
 		"num_uses": {
 			Type:          schema.TypeInt,
 			Optional:      true,
 			Description:   "Number of times issued tokens can be used. Setting this to 0 or leaving it unset means unlimited uses.",
-			Deprecated:    "use `token_num_uses` instead",
+			Deprecated:    "use `token_num_uses` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_num_uses"},
 		},
 		"bound_cidrs": {
@@ -94,7 +94,7 @@ func kubernetesAuthBackendRoleResource() *schema.Resource {
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
 			},
-			Deprecated:    "use `token_bound_cidrs` instead",
+			Deprecated:    "use `token_bound_cidrs` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_bound_cidrs"},
 		},
 	}

vault/resource_token_auth_backend_role.go

@@ -81,13 +81,13 @@ func tokenAuthBackendRoleResource() *schema.Resource {
 			Optional:      true,
 			Description:   "Number of seconds to set the TTL to for issued tokens upon renewal. Makes the token a periodic token, which will never expire as long as it is renewed before the TTL each period.",
 			ConflictsWith: []string{"token_period", "token_ttl"},
-			Deprecated:    "use `token_period` instead",
+			Deprecated:    "use `token_period` instead if you are running Vault >= 1.2",
 		},
 		"explicit_max_ttl": {
 			Type:          schema.TypeString,
 			Optional:      true,
 			Description:   "Number of seconds after which issued tokens can no longer be renewed.",
-			Deprecated:    "use `token_explicit_max_ttl` instead",
+			Deprecated:    "use `token_explicit_max_ttl` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_explicit_max_ttl"},
 		},
 		"bound_cidrs": {
@@ -97,7 +97,7 @@ func tokenAuthBackendRoleResource() *schema.Resource {
 			Elem: &schema.Schema{
 				Type: schema.TypeString,
 			},
-			Deprecated:    "use `token_bound_cidrs` instead",
+			Deprecated:    "use `token_bound_cidrs` instead if you are running Vault >= 1.2",
 			ConflictsWith: []string{"token_bound_cidrs"},
 		},
 	}

website/docs/d/kubernetes_auth_backend_role.md

@@ -38,28 +38,28 @@ The following arguments are supported:
 
 In addition to the above arguments, the following attributes are exported:
 
-* `bound_cirs` (Deprecated; use `token_bound_cidrs` instead) - List of CIDR blocks. If set,
+* `bound_cirs` (Deprecated; use `token_bound_cidrs` instead if you are running Vault >= 1.2) - List of CIDR blocks. If set,
   specifies the blocks of IP addresses which can perform the login operation.
 
 * `bound_service_account_names` - List of service account names able to access this role. If set to "*" all names are allowed, both this and bound_service_account_namespaces can not be "*".
 
 * `bound_service_account_namespaces` - List of namespaces allowed to access this role. If set to "*" all namespaces are allowed, both this and bound_service_account_names can not be set to "*".
 
-* `ttl` (Deprecated; use `token_ttl` instead) - The TTL period of tokens issued using this
+* `ttl` (Deprecated; use `token_ttl` instead if you are running Vault >= 1.2) - The TTL period of tokens issued using this
   role in seconds.
 
-* `max_ttl` (Deprecated; use `token_max_ttl` instead) - The maximum allowed lifetime of
+* `max_ttl` (Deprecated; use `token_max_ttl` instead if you are running Vault >= 1.2) - The maximum allowed lifetime of
   tokens issued in seconds using this role.
 
-* `num_uses` (Deprecated' use `token_num_uses` instead) - Number of times issued tokens can
+* `num_uses` (Deprecated; use `token_num_uses` instead if you are running Vault >= 1.2) - Number of times issued tokens can
   be used. Setting this to 0 or leaving it unset means unlimited uses.
 
-* `period` (Deprecated; use `token_period` instead) - If set, indicates that the token
+* `period` (Deprecated; use `token_period` instead if you are running Vault >= 1.2) - If set, indicates that the token
   generated using this role should never expire. The token should be renewed within the
   duration specified by this value. At each renewal, the token's TTL will be set to the value
   of this parameter.
 
-* `policies` (Deprecated; use `token_policies` instead) - Policies to be set on tokens issued
+* `policies` (Deprecated; use `token_policies` instead if you are running Vault >= 1.2) - Policies to be set on tokens issued
   using this role.
 
 ### Common Token Attributes
@@ -72,6 +72,11 @@ These attributes are common across several Authentication Token resources since
 * `token_max_ttl` - The maximum lifetime for generated tokens in number of seconds.
   Its current value will be referenced at renewal time.
 
+* `token_period` - (Optional) If set, indicates that the
+  token generated using this role should never expire. The token should be renewed within the
+  duration specified by this value. At each renewal, the token's TTL will be set to the
+  value of this field. Specified in seconds.
+
 * `token_policies` - List of policies to encode onto generated tokens. Depending
   on the auth method, this list may be supplemented by user/group/other values.